Aid Workers Face Expulsion From Gaza. They Hope EU Privacy Laws Can Save Them.

The Israeli registration mandate represents a rare convergence of security policy and data‑privacy law, forcing NGOs to choose between compliance and operational continuity. Under the new rules, foreign aid groups must submit exhaustive personal information on employees, donors, and even family members, a requirement that directly conflicts with the EU’s General Data Protection Regulation (GDPR). The GDPR mandates purpose limitation, data minimisation, and adequate safeguards for cross‑border transfers, standards that many NGOs argue Israel cannot meet. As a result, several organisations have filed a petition with Israel’s High Court, contending that compliance would constitute a criminal offence under EU law.

Beyond the legal tussle, the stakes are humanitarian. If the NGOs withdraw or are barred, Gaza could see a rapid erosion of essential services such as medical care, food distribution, and shelter provision. Analysts estimate that up to 37 major NGOs, which together deliver a significant share of aid, could be forced out, potentially triggering a collapse of the aid delivery network in March. This scenario would exacerbate an already dire humanitarian crisis, increasing civilian casualties and deepening economic hardship in the enclave.

The EU’s response underscores the broader geopolitical implications. European commissioners have warned that the Israeli measures undermine the adequacy decision that currently recognises Israel’s data‑protection framework as comparable to the EU’s. By challenging the rule, the EU signals a willingness to defend its privacy standards and protect its civil‑society partners abroad. Continued diplomatic pressure could lead to a revision of the registration law, preserving both data‑privacy rights and the flow of humanitarian assistance to Gaza.